fault tree analsyis for piper alpha disaster
DESCRIPTION
This work is about the Piper Alpha disaster, it covers areas such as a short description, hazards, lessons, fault tree analysis etcTRANSCRIPT
1
1. Brief Description of the Piper Alpha Accident
The Piper Alpha accident, a major offshore disaster which turned around safety regulations in the oil/gas
sector in the United Kingdom thus giving birth to the “Offshore Installation (Safety Case) Regulation 1992
and the transfer of offshore safety from the Department of Energy to the United Kingdom Health and
Safety Executive, occurred on the 6th
July 1998 in block 15/17; a facility which comprised of module A, B,
C and D and was run by Occidental Petroleum (Caledonia) Ltd in the North Sea (Drysdale and Slyvester-
Evans 1998, Sam 2012).
The accident occurred due to process disruption by production under high pressure, removal of pump A
for maintenance, removal of PSV 504 for recertification and set of miscommunication which resulted to
release of condensate via leakage from a flange causing series of explosions firstly in module C and
through module B. These series of explosions led to the rupture of a gas line, tanks and other structures
leading to huge fire invading the gas riser of different platforms connected to the Piper Alpha thus resulted
to an uncontrollable fire beneath the platform which burnt across module B and C and even to more
important areas of the platform due to the design structure of the upper-side of the platform. This resulted
to total damage in the initial phase of the disaster to the control room and the radio room (Pate-Cornell
1993, Sam 2012, Pranav 2013).
However, as a result of these series of explosions and other events, tremendous damage which was
facilitated by structural failures led to the total loss of the Piper Alpha platform in such that only module A
was standing at the end of this disaster. Furthermore, 165 personnel who worked in the platform and 2
rescue workers were killed, and a monetary loss of over $3 billion was estimated (Pate-Cornell 1993,
Pranav 2013).
2. Identification, description of hazards and how they cause failure in accident.
The Piper Alpha accident occurred due to combination of various hazards that contributed it’s quota thus
leading to the accident which happens to be one of the biggest accidents in the oil and gas sector. More so,
there is the probability that the extent of loss encountered in this accident would have been minimised
whereas efforts had been made to checkmate some of these hazards (Drysdale and Slyvester-Evans 1998).
In this section, effort will be made to identify each of these hazards and their relationship with the accident.
1) Condensate leakage from hand tighened flange at site of PSV 504.
The leakage of condensate is the product of series of events. These events includes the isolation of
pump A, isolation of relif valve A (PSV-504), removal of permit to work of relieve valve A by day
shift personnel, lack of update on removal of relieve valve A to night shift personnel and inability of
night shift personnel to simply reconnect back power supply to pump A prior to restarting of pump A
because these night shift personnel had knowledge that a permit to work had been issued for pump A
for maintenance for two weeks and that pupm A has been electrically isolated. These several lapses
contributed hugely to the failure in Piper Alpha. This is so because, the ignition which caused the first
explosion originated from the point of condesate leakage which occurred when the night shift
personnel restarted pump A after several attempt of restarting pump B after it had tripped. The release
of condensate from the hand tightened flange on PSV-504 produced a flammable mixture as the
condensate gathered in module C where it reacted with an ignition source thus leading to the first
explosion. Therefore, this initiated the entire event (Chevron Corporation 2013, Brian 2001).
2) The non-visibility of the digital control system (DCS).
The digital control system is a vital equipment in process control and cordincation of all production
processes. The visibility of the display screen is extremely important because it aids in the quick
identification of any deviation in the production process, but in the cae of the Piper Alpha platform, the
display screen which served as the monitoring boards were obviously not visible. This contributed to
failure in the case of the Piper Alpha because it led to a situations where the personnel was unable to
trace the origin of a warning alarm from the DCS in order for the personnel to initiate the right
mitigation in retifying the process disturbance so as to shutting down the alarm, thus preventing any
escalation which could lead to any form of faiure event. The inability to trace the origin of the first
alarm contributed immersely to the disaster in Piper Alpha (Pate-Cornell 1993, Brian 2001).
2
3) Failure of permit to work system
The permit to work is a vital system in industries because it helps to keep in view works which are
ongoing onsite and helps to relate each of these work where necessary. In Piper Alpha, the system of
permit to work was poor. This is because, there was no reference of the the 24 months ongoing
maintenance work on pump A and the recertification work of PSV 504 by the night shift personnel.
More so, after the end of the day shift, the return of the permit to work which had been assigned to
PSV 504 did not follow the laid down rules thus breaching thee permit to work system. Besides, the
permit to work for pump A and PSV 504 did not make reference to each other. Therefore, upon failure
of pump B, the night shift personnel decided to start pump A which would not have happened if the
personnel has seen the permit to work of PSV 504 or even been aware of it removal for recertification.
This to a great extent caused failure in Piper Alpha (David 2013, Oil and Gas n.d.). Moreover, the
failure of the permit to work system as regards disaster was not formally in the procedures but was
rather in the practical applications (M 1991, Brian 2001).
4) Operation of the fire fighting system
Fire fighting system is a very vital system which has to be highly effective and always functional in
any offshore facility especially one like the Piper Alpha. The reason been that, unlike onshore facilities
where emergency services whenever needed arrives within minutes, offshore facilities need to handle
any form of emergency on the facility using the available and installed equipments on board with crew
members while waiting for arrival of emergency services. Besides, the platform had a fire fighting ship
which could pump water onto it, but had minute effect to curtail the disaster and there was a deluge
system which happened to be the main fire fighting equipment which sprayed certain amount of water
across equipment areas that contained hydrocarbons (Pate-Cornell 1993, Brian 2001).
Furthermore, the deluge system was supplied sea water by sets of electrical pumps which were
rendered inactive at the onset of the first explosion which damaged the mai unit responsible for power
supply. Athough, the risk of the electrically powered pumps been non-functional had been analysed
with backup automatic diesel pumps provided to mitigate this risk. However, these diesel pumps were
on manual operation mode on the night of the disaster, so they could not start automatically to pump
water to the deluge system which could have curtailed the pump (Pate-Cornell 1993, Brian 2001).
Moreover, the probability of the deluge system been efficient in curtailing this disaster had the
automatic diesel kick started was unlikely. This is because part of the system had probably been
damaged by the first explosion. Also, the entire heads of system had been blocked due to corrosion of
the pipe by sea water and the disposition of corroded particles on the spray heads. Several attempts has
been made to solve this problem but to no avail, so a decision to replace the pipes was reached but had
not been totally replaced when the incident happened. Therefore, the lack of a properly functional
deluge system contributed immersely to the failure. Besides, if it had been functional, the extent of loss
would have been curtailed by the spray of high pressure water on the platform (Leal-Valias n.d., Pate-
Cornell 1993, Brian 2001).
5) Low level of safety training
The low level of training in Piper Alpha contributed to the failure event. This is because personnel
were supposed to be trained but often times this trainings are waived once personnel admits to have
work offshore in the past. This practice by management helped to bring to the barest minimum the
safety culture amongst personnel thus leading to a situation where the right procedure of carrying out
production tasks were often neglected. This was evident in the personnel response of not been able to
work over time when they knew that PSV 504 was an important valve in the facility that should be
fixed in the shortest time possible since there is always the possibility of a breakdown of the other
functional pump. More so, this neglience due to low safety training is also seen in the aspect of
supervisors who failed to take actions like caution personnel or even report personnel negligent to
safety to management. More so, this is evident in the the flange on the PSV 504, was only hand
tightened without by personnel who did not deem it necessary to perform a leak test after tightening the
flange. More so, the low level of safety training was evident because personnel failed to understand the
need to properly communicate all ongoing work during shift change over and also failed to access the
link between every on-going job on site in Piper Alpha (Chevron Corporation 2013, Brian 2001, Leal-
Valias n.d., Pate-Cornell 1993, Sam 2012). The low level of safety training thus contributed hugely to
3
the event of Piper Alpha because of the negligence exhibited by personnel because no appropriate safet
training was provided
6) Lack of blast walls installed between modules
The importance of blast walls in an oil rig cannot be undermined. This is because it help to a greater
extent in preventing fatalities in the case of any failure event which ivolves explosion or even fire
outbreak in the facility. In Piper Alpha the firewalls were made up of bolted lattice-work construction.
These fire walls were not designed to withstand explosion so when the first and second explosions
occurred, B/C and C/D firewalls were all blow off causing tremendous increase in damage. More so,
the damage of the firewalls also affected the destruction of the control. Hence, if there had been blast
wall that could withstand the first and second explosion, the degree of damage and loss of life in Piper
Alpha would have been minimal. Moreover, a risk assessement conducted earlier had suggest the
subsequent installation of blast walls when it considered the effect of failure of a high pressure gas
pipeline. This recommendation was once again neglected by management thus on the eventual failure
of a high pressue gas pipeline, devasting event as seen in the loss of Piper Alpha was the result of
management negligence (Chevron Corporation 2013, Pate-Cornell 1993, Brian 2001, Mohamad 2013).
7) Siting of extraction equipments in close proximity tothe control room
The building of process equipments near the control to great extent contributed massively to the event
of Piper Alpha which happens to be the “ location where all production activities are monitored,
controlled, coordinated and information sent out to personnel as regards production status and
conditions on site constantly”. But, the initial explosion totally destroyed the control room and killed
personnel who had mad efforts to intiate mitigation through the DCS. Therefore, the nearness of the
control room to production facilities was totally a hazard in waiting (Leal-Valias n.d., Pate-Cornell
1993, Brian 2001).
8) Lack of communication amongst personnel
The issue of communication is very relevant in the offshore facilities. In Piper Alpha, communication
was tolled with amongst personnel. For example, the day shift personnel failed to inform the night shift
personnel about the status of PSV 504, the supretendient failed to ask the technicians about the status
of PSV 504 at the end of day shift. This situations clearly shows that the lack of communication is a
hazard which contributed to the accident (Pate-Cornell 1993).
9) Management lapses
Management failed to perform trainings for newly recruited personnel, it also operated a situation of
promotion whereby unqualified personnel are assigned task which they have no capacity to perform.
More so, the number of crew members on board the Piper Alpha were not enough, this entails that
management failed to employ as many as needed personnel in the operation of the platform. Thus,
giving room to a situation where a personnel need to perform tasks such personnel never had a prior
knowledge on. More so, the head of the deluge system which had been recommendation for change due
to corrosion effects even after several years was not totally changed. More so, the failure of
management to immediately switch the diesel fire pump back to automatic mode even after 24 hours
that divers had stopped work in the waters close to the platform. Therefore, management lapses is
hazard that caused the accident (Chevron Corporation 2013, Leal-Valias n.d., Pate-Cornell 1993, Brian
2001). More so, the methanol system which helps prevent hydrate formation on pipeline in the facility
had problems and was neglected by management. Therefore causing pump B to trip as hydrate had
accummulated in the line (Mohamad 2013). All these are management lapses which if had been
properly controlled, maybe the incident of Piper Alpha would have been prevented.
10) Installation of the gas conservation module close to the utility module
The gas conservation module in the platform was too near to the utility module. This contributed
tremendously to the disaster because it the gas conservation module provided fuel for massive fire thus
leading to several explosion that resulted to the ruputring of several facilities on the Piper Alpha. More
so, it was the main source of the smoke that prevented emergency workers from accessing the platform
and also assisted in the formation of the jet fire after the rupturing of the Tartan riser, Claymore riser
and MCP01 riser (Leal-Valias n.d., Pate-Cornell 1993, Brian 2001).
4
11) The restructure of the platform
Piper Alpha was initially an oil rig but was modified later on into a gas production facility. The
conversion of the facility to oil and gas facility posed as huge hazard because the change was not
managed effectively and efficiently. More so, this change implied that both oil and gas pipelines will
be in close proximity thus no inherent safety practice was put in place to curtail any issues which might
arise. (Mohamad 2013)
3. Fault-tree analysis.
The use of fault tree to analyze the Piper Alpha disaster is relevant.The reason been that it helps to
explicitly provide the relationships that exist between the series of events that led to the disaster. More so,
it provides for an opportunity to fully qunatify the events. In the construction of the fault tree for Alpha
various events is considered and linked together to show their role in the accident. Furthermore, the use of
fault tree will provide an opportunity to prioritize the events thus showing the event which played high
contributory role that led to the event.
Table 1: Description of Keys to Fault Tree
Events Description of event Event Description of event
TE Loss of Piper Alpha due to explosions
and massive fire Failure of deluge system
Rupture of higly pressurized LPG
pipeline Continuous operation of Pump A
Bursting of Claymore riser Process disturbance (production under high
pressure
Rupture of MCP01 riser Removed PSV 504 for recertification
First explosion in Module C that
housees process oil and gas Unable to complete recertication work of
PSV 504 before shift change
Condensate leakage from PSV 504 of
pump A Misplace permit to work of PSV 504
Hand tightened flange on PSV 504 Misplace permit to work of PSV 504
Restart of pump A Permit to work of pump A kept in different
location
Closure of permit to work of pump A Failure of personnel to reconnect power to
pump A
Need to continue production Hydrate formed in pipeline resulting to
tripping of pump B
Rupture of 120 atm Claymore riser Pump A was marked for maintenance
Second Explosion in Module B due to
rupture of 55 tonne oil tank Permit to work of pump A was with no
reference to PSV 504
Light weitgh condensate pipeline
rupture Failure of Tharos fire equipment
Loss of C/D firewalls Jet fire from broken riser
Loss of Control Room Huge leakage of crude oil in Module C
which gathered on the grates
Loss of main power supply Failure of B/C firewall
Failure of emergency shutdown system Spread of fire across Module C
Failure of gas detector Continued supply of oil and gas from
Claymore and Tartan platform
5
Figure 1: Hand Drawn Fault Tree of Piper Alpha Disaster
6
4. Explanation of logic leading to accident using Boolean Logic
The Boolean loogic is used to explain th logic behind this event considering the fault tree from top
to down
The destruction of Piper Alpha was the result of combination of either of
three (3) intermediate events that were aftermaths of series of intermediate and basic events. The
combination of these events, which includes, the “rupture of highly pressurized LPG pipeline ”
“bursting of Claymore riser ” “rupture of The
. Besides, either of these failures led to the loss of Piper
Alpha platform which slipped into the North Sea at the end of the sequence of events albeit Module
A which survived the disaster. More so, out of the 226 personnel onboard the Piper Alpha, 165
personnel lost their lives and 2 other persons from the rescue team were killed.
However, “rupture of the highly pressurized LPG pipeline caused by the “loss of C/D
firewall “loss of Control Room “loss of main power supply
“failure of emergency shutdown system failure of gas detectors “failure of
deluge system “first explosion in Module C which houses processed oil and gas
combine to initiate the onset of the devastating intermediate event. However the occurrence of
intermediate event triggered the onset of series of basic events , which
simultaneously combined, resulting into applicable because these
events uniquely combined with each contributing its quota.
Furthermore, the “rupture of the claymore riser ” occurred due to, “failure of Tharos fire
equipment ” “jet fire from the broken riser ” “the rupture of the Tartan
riser ”. The Tharos firefighting equipment been an equipment put in place for mitigation of any
fire incident on the Piper Alpha platform began to melt at the inception of the first explosion and
massive fire thus resulting into a situation where the equipment was unable to perform its duties,
thus allowing the formation of huge jet fire, hence contributing to the rupture of the Claymore riser
due to formation.
Moreover, “the rupture of the Tartan riser ” which helped transport oil and gas in the Piper
Alpha for onward onshore transportation for processing resulted from “the huge leakage of crude oil in
module C which gathered on the grates which had been kept on the platform by divers
“failure of B/C firewall ”, an aftermath of the first explosion, “second explosion on
module B due to the rupturing of 55 tonnes oil tank ” “spread of fire module C ”. The
rupture of the Tartan riser supplied fuel to the fire which was already burning in the Piper Alpha.
In addition, “the second explosion ” which occurred in the Piper Alpha was the effect of the “light
weight condensate pipeline rupturing ” “the continued supply of oil and gas from
Claymore and Tartan platform ”. On the onset of the accident, the two platform that
transported oil and gas to Piper Alpha for onward transportation to onshore facility continued this
cycle of fluid transportation, thus providing more fuel for the already massive fire that have
developed in the platform. .
Also, the“light weight condensate pipeline ruptures ” happened bcause of “the leakage of
condensate from the PSV 504 of pump A ” “continual operation of pump A ”
“process disturbance as a result of production been performed under high pressure ”.
Furthermore, “rupture of ” resulted from the, “failure of Tharos fire
equipment ” “jet fire from the broken riser ” “the rupture of the Tartan
riser ”. . The rupturing of the , resulted into
the release of gas into the atmosphere thus resulting into the formation of huge flames.
Also, “first explosion in Module C ” occurred due to the an intermediate event and two basic
events, “the leakage of condensate from the PSV 504 of pump A ” “continual operation of
7
pump A ” “process disturbance as a result of production been performed under high
pressure ”
In addition, “condensate leakage from PSV 504 of pump A ” resulted from the “hand tightened flange
on PSV 504 ” “the restart of pump A which was due for maintenance by night shift
personnel ”.
Moreover, the “hand tightened flange on PSV 504 ” was done by personnel who have earlier “Removed
PSV 504 for recertification work ” was “unable to complete the recertification before shift
change ” “misplaced the permit to work of PSV 504 )”.
Also, the “restart of pump A ” is the onset for the disaster in Piper Alpha. The combined nature
of the “misplaced the permit to work of PSV 504 )” the fact the “permit to work of pump
A was kept in different location ” the fact that the “permit to work of A was closed as a
result of miscommunication and misconception ” . The restart
of pump A after several attempt to restart pump B.
Furthermore, the “permit to work of A was closed as a result of miscommunication and
misconception ” was as a result of the intermediate event, that is “need to continue
production a basic event which “failure of personnel to reconnect power to pump
A which had earlier been isolated. The permit to work of pump A was closed because it
started that the work for which the permit to work was open will be started on the 7th
July,
1988. ” .
Besides, the “need to continue production resulted from the production situation that arouse when
“hydrate formed in production pipeline resulting to tripping pump B t as “pump A was
marked for maintenance the “permit to work of pump A was with no reference to PSV
504
Moreover, the intermediate event are connected to intermediate event to through
intermediate event the . This implies that the various events that occurred from intermediate
event to contributed to the occurrence of intermediate event as shown on the fault
tree.
Therefore, it is the “rupture of highly pressurized LPG pipeline ” “bursting of Claymore
riser ” “rupturing of combined with the various intermediate and basic
events.
5. Actions to prevent future failure
In regards to the Piper Alpha disaster, there are several actions which could be taken to prevent the
reoccurrence of such disaster in the future. These actions include
1) Ensuring to put in place a proper auditing and monitoring system
A proper auditing and monitoring system is a relevant step which must be taken to ensure that
future failure does not occur. The reason why this is necessary is because, this ought to be one of
the key areas of the safety management system of any organisation that really want to prevent to the
lowest minimum the occurrence of failure event which could put workers safety and the
environment at a loss. In the case of Piper Alpha, it is evident that there was safety audit and
monitoring but it was not of right standard and quality as many of the deficiencies could have been
picked up it the auditing and monitoring was of standard. Therefore, it is reason to perform a
standard and proper auditing./monitoring so as to ensure that no casaultive agent of event failure is
left unidentified. More so, the need for a proper auditing and monitoring system is to ensure that
the right mitigation and actions are put in place in to avert failure.
2) Ensure proper safety training for all personnel including contractors and sub-contractors.
There is need for proper training to be regularly conducted for all personnel. The reasons to
perform such training is to ensure that personnel are always aware of the need to be safety
conscious while carrying out their jobs. In addition, all new recruits should be exposed to training
such as fire training, emergency response training before ever resuming work. This will to a great
8
extent alight the new recruit of the importance of always been safety reliant while performing their
jobs.
3) Provision of temporary safe shelter
In the case of Piper Alpha, most fatalities occurred as a result of suffocation from inhalation of
smoke. Therefore, it is necessary for operators to always provide a temporary safe shelter where all
onboard personnel outside the accommodation platforms can always take refuge during emergency
with proper instruction followed while doing so prior to evacuation. This temporary safe shelter
could be in the accommodation or production platform and constant safety drills should be
performed to always keep personnels alert on how to evacuate to the temporary safe shelter when
necessary. More so, there should be total protection against the enterance of smoke or fumes of any
form into the temporary shelter and provision should be made in the design to ensure that
ventilation dampers of such shelter do not shoot on high temperature as was the case of the
accommodation block in Piper Alpha.
4) Strong safety culture should be inculcated
There is need to inculcate a strong safety culture at all levels to prevent a repitition of the Piper
Alpha disaster. In Piper Alpha the safety culture was poor thus giving room to situation of “I do not
care attitude”. This is evident in the ways the facility was been handled, personnel with low
qualification promoted to occupy key positions by management, inability to adhere to
recommendations for change of head of deluge system, unwillingness to perform safety training.
Inculcating a strong safety culture will help to prevent future accident failure because, personnel
and management will always perform work practices in ways that controls hazards effectively,
there will be a much more high level of positive attitude in managing risks and compliance to laid
down rules of prodction thus providing personnel and maanagement the opportunity to learn from
failure events and near misses which will help prevent future reoccurrence.
5) High quality safety management should be practiced
High quality safety management is relevant to prevent the reoccurence of the Piper Alpha disaster.
In Piper Alpha, the decision to always switch the diesel fire pumps to manual mode each time
divers were on the water was right but it lacked quality in that it did not put in place a procedure
that will immediately turn on the diesel fire pumps back to automatic mode immediately divers
leave the water. Quality safety management is necessary because it ensures that standards are not
broken thus providing a quality system where lives of personnel and even the equipment are highly
safe. Moreso, quality safety management will help prevent future reoccurence because the right
safety system will be provided to enure high quality safety management. More so, this will reflect
in the safet culture of personnel.
6) Thorough Hazard and Operability Study (HAZOP) should be conducted.
It is essential that a proper HAZOP should be carried out during the design stage of platform to
prevent the future reoccurence of the Piper Alpha disaster. In doing this, the possible hazards will
be identified and mitigation measures rightly put in place to eithere eleminate those hazards or
curtail its tendencies to cause harm.
7) Proper positioning of emergency shutdown valve (ESV)
The position of emergency shutdown valve is essential because it helps prevent the onset of
failures. In Piper Alpha, the ESV was not properly installed along the Claymore, Tartan and
MCOP-01 risers which resulted into the rupturing of these risers. For example, the ESV of the
Tartan raiser was far from were the Tartan riser ruptured. However, if the ESV’s were properly
located close to the sea level, it would have shut down these risers at the onset of the first explosion
thus curtailing the effect of the failure event. Therefor, it is recommended that the ESV be properly
positioned in production faciltie so as to avoid repeatition of the Piper Alpha disaster.
8) A proper permit to work system should be put in place
A proper permit to work system unlike that found in the Piper Alpha will help prevent a disaster of
this magnitude in the future. This is because the permit to work will provide an effective means of
communication between personnel especially during shift handovers. A proper permit to work
9
system will be made possible by making the procedure from opening to closing a permit to work as
easy as possible and also providing trainig to personnel on how best to perform work practices with
the work permit. Moreso, the work permit system should include a practice whereby padlocks
should be used to lock isolated units with red flags been placed on them and such isolated units
permit to work been rightly kept in the designated places in the control room.
More so, the following can be done to prevent the reoccurence of future events
The setting up of a system which must be included as part of normal operating management for
the timely resolve of faults in safety critical equipments must be available.
There should an interactive effect system set up to resolve emergencies between linked
operating system.
A proper evacuation and escape system should always be set up.
The installation of a susbsea isolation valve should be provided and installed on a case to case
basis on facilities.
Personnel should only be promoted and assigned duties to key positions only by merit and
prove of having adequate exposure and experience to handle such key positions.
Personnel should be empowered to always stop any workr on site which deviates from the laid
down safety rules and regulations
Mock evacuaton muster should always be conducted to enlighten personnel on the evacuation
routes and safety measures to be applied during evacuation.
6. Quantification of the fault tree and probability of the top event
The quantification of the fault tree analsysis drawn for the Piper Alpha disaster is to determine to what
extent did each of the basic and internediate event contribute to the event failure.
In this process, the Boolean algebra will be used and necessary calculation perfom from the top event.
In addition, all the basic event are denoted as , intermediate events as and the top event as
More so, in qunatifying the fault tree analysis, certain probabilities have been used and justification are
as fellows.
1) Loss of control room: The probability was chosen because the personnel chose to abandon the
control thus failure to act correctly in the first 60 seconds of an extremely high stress condition which
lead to devasting effects (P 2002).
2) Failure of C/D and B/C firewalls: The probability of 0.5 was selected because according the
firewalls of the modules of Piper Alpha were not built to withstand explosion (Pate-Cornell 1993).
Also, because the level of explosion was not properly outlined, it became imperative that a 50:50
situation be applied in selection of the probability. This implied that the explosion could be high
explosion that will destroy the firewalls or a low explosio which will not destroy the firewalls.
3) Failure of Emergency shutdown system: The probability of 0.00055 was selected because of the
potential of multiple fatalities which was present in Piper Alpha and also based on Safety Integrity
Level 3 (SIL 3), (Magnetrol 2009).
4) Incomplete recerticaition of PSV 504, Removal of PSV 504 for recertification and
misplacement of permit to work of PSV 504: The probability of 0.3 is chosen because of the lack of
safety training of personnels in Piper Alpha which led to negligence. Moreover. This probability was
chosen because to a greater extent human error is a contributory factor because these personnel could
have been under general high stress condition due to limited crew members on board. (P 2002)
5) Oil leak and gathered on grates kept: The probaility selected is 0.3904.Here, the probability is
considered to be as a result of two factors, deficient safety training and inefficeint emergency plan. The
grates where oil gathered was kept on the platform by divers. This grates ought to be kept in the store
house but beause there was deficient trainging whose probability is 0.0487 (Yan, et al. 2011) and
inefficient emergency plan with probability of 0.0862. These probability were considered because the
divers could have kept these grates because of either reasons.
However, all other probabilities were obtained from relevant journals.
10
Calculations
From the fault tree,
Solving for
Solving for
Solving for
11
7. Prioriting of accident contributory factors
In prioritizing the contributory factors that led to accident, the minimal cuts sets are determined for the
fault tree using the Fussell - Vesely Algorithm. Thereafter, calculation are made to prioritize.
Table 2: Cut sets for Fault Tree Using Fussell-VeselyAlgorithm
1 2 3 4 5
T
6 7 8
9 10 11
Table 3: Minimal Cut Sets for Fault Tree
Table 4: Faulty Tree Analysis showing priority of minimal cut set
Considering table 4, it is seen that the cut set that will contribute to the fast occurrence of the event failure
comprises mainly of events which results from flaws in design of the Piper Alpha and negligence of
Minimal Cut Sets
No Q W Events in minimal cut sets
1
0
2
0
3
0
12
management. Hence, it is recommened that thorough efforts should be put in in the areas of identification
of hazards and mitigation measures provided during design stage of platforms so as to avoid a repetition of
the Piper Alpha. More so, management need todo the right things so as to avoid a situtaiton whereby
personnel neglect safety measures while performing production tasks on platforms. However, huge funds
are involved in doing this as such it is adviceable that while taking into consideration ways to eliminate
design flaws the measures and funds put into doing this should be proportionate thus the “principle of
ALARP” should be the key while doing this.
Solving for priority of each basic event by replacing each with
13
14
From the above calculations, it is concluded that three groups of basic events can identified and prioritized
by values when probability of each basic events was taken as 0 and replaced into the cut sets 0
Table 5: Priority of Basic events group according to top event value (TE) value
Basic Events Priority Priority explanation
1 Each of these basic event had equal effect on the
top event, therefore they have high priority to cause
failure
2 Each of these basic event have equal effect on the
top event, therefore, they have low priority to cause
failure
0
3
Each of these basic event have equal effect on the
top event, the have very low effect to cause failure
From table 5, The contributory factors have been grouped into three categories with each group having
same contributory effect on the top event. From the table, it can be concluded that design flaws are the
huge contributors to the failure event. These design flaws are such that could have been eliminated if
inherent design stragegy was thoroughly applied during the design phase of the platform. Thus, adequate
measures which considers safety from the design stage of platfroms should be taken to eliminate the
replicate of the Piper Alpha disaster or any disastrous event in the future. This measures should be those
that include HAZOP, fire and explosion modelling as sregards how both will affect the real-life platform
etc. More so,the principle of “ALARP” need to be the foremost determinant while doing this.
15
8. Conclusion
The event of Piper Alpha disaster turned around the oil and gas industry especially in the UK where it
gave birth to new offshore regulations. Moreover, it is always relevant for operators to always ensure
that safety is paramount in whatsoever activities which concerns the drilling, production and operation
of oil and gas facilities. Furthernore, it is recommended that the various actions which has been
carefully outlined in this report be taken into consideration in present and future practice of industries
so as to avoid a reoccurence of event such as the Piper Alpha or any resemblence to it.
More so, government should monitor the promotion and employment of personnel in the oil and gas
industries especially offshore facilities so as to ensure that only competent hands are employed and
trained. However, safety should be more of proactive then reactive as this will safe huge capitals that
are paid as compensation in situations of accidents.
16
Reference
Brian, Appleton. "Piper Alpha." In Learning From Accidents, by Kletz Trevor, 196 - 206. Oxford:
Butterworth-Heinemann, 2001.
Chevron Corporation. "Process Safety in Chevron." History and Evolution of Process Safety in Chevron.
2013.
http://sache.org/workshop/2013Faculty/files/AIChE%20August%202013%20DW%20Jones.pdf
(accessed November 08, 2013).
David, C Shallcross. "Using concept maps to assess learning of safety case studies - The Piper Alpha
disaster." Education for Chemical Engineers, 2013: e1-e11.
Drysdale, D D, and R Slyvester-Evans. "The Explosion and Fire on the Piper Alpha Platform, 6 July 1988.
A Case Study." Philosophical Transaction: Methematical, Physical An Engineering Sciences (The
Royal Society) 356, no. 1748 (December 1998): 2929-2951.
Leal-Valias, Marcel. "Managment of Change: Student Handout." n.d. http://dc126.4shared.com/doc/ZW-
AXi6k/preview.html (accessed November 13, 2013).
M, Elisabeth Pate-Cornell. A Post-Mortem Analysis of the Piper Alpha: Technical and Organiztional
Factors. Research, Stanford University, 1991.
Magnetrol. Understanding Safety Integrity Level. Illinois: Magnetrol Internation, 2009.
Mohamad , Najib B Abdul Rahim. Vulnerability Assessment of Blast Walls of Offshore Structure under
Accidental explosion. Dissertation, Ipoh: Universiti Teknologi PETRONAS, 2013.
Oil and Gas. "Piper Alpha: Lessons Learnt, 2008." n.d.
http://www.oilandgasuk.co.uk/cmsfiles/modules/publications/pdfs/HS048.pdf (accessed November
04, 2013).
P, L Clemens. Human Factors and Operator Errors. Report, Jacobs Sverdrup, 2002.
Pate-Cornell, Elisabeth M. "Learning from the Piper Alpha Accident: A Postmortem Analysis of Technical
and Organizational Factors." Risk Analysis 13, no. 2 (1993): 215-232.
Pranav, Jotani. Piper Alpha. Nottingham: Nottingham Trent University, 2013.
Sam, Mannan. "Appendix 19." In Lees' Loss Prevention in the Process Industry, by Manan Sam. Oxford:
Butterworth-Heinemann, 2012.
Yan, Fu Wang, Xie Min, Ming Ng Kien, and Salahuddin Habibullah Mohamed. "Probability analysis of
offshore fire by incorporating human and organisational factor." Ocean Engineering, 2011: 2042 -
2055.